QA-SSCP

Systems Security Certified Practitioner

The (ISC)2 Systems Security Certified Practitioner (SSCP) certification covers seven domains, which (ISC)2 describes as 'the compendium of topics pertaining to an Information Systems Security Practitioner': the CBK (Common Body of Knowledge). The seven domains map directly to the seven modules of this course listed below. The CBK is referred to as a taxonomy or collection of past, present and future topics around Information Security.

The SSCP is aimed at security go-to-people, on the front line of a business dealing with technologies employed to protect Information. If you are responsible for implementing and maintaining countermeasures such as Firewalls, Intrusion Detection or Prevention, Anti-Virus solutions or Public Key Infrastructures and you want a certification to attest to your skills and professionalism within Information Security, this is it.

Leads to Certification

The (ISC)2 SSCP exam is not a part of the course.

(ISC)² are completing the final stages of implementing Computer-Based Testing (CBT) for all certification exams throughout 2012 to create a better user experience for a larger pool of candidates and greater global exam accessibility. Candidates can begin registering for the CISSP, CISSP concentrations and SSCP certification exams via CBT worldwide beginning June 1, 2012, with the ability to sit for an exam as early as the next day.

To book the new CBT exam, the candidate must acquire a Pearson VUE testing voucher. Please note that the price of the voucher is not included in the RRP of this course.

Beginning September 1, 2012, (ISC)² will no longer offer paper-based testing (PBT) for any of its certification exams except for candidates located in areas outside of a 75-mile radius from an approved testing center and on a case-by-case basis. August 24, 2012 is the last day candidates can register to sit for regularly scheduled PBT exams occurring through August 31, 2012.

This credential is ideal for those who have already obtained or are working towards positions such as: Security Administrators; Security Systems Analysts and Network Security Administrators.

It may also be of interest to those who desire a better understanding of security but do not have a direct security role. Examples of these could include: System Administrators; Network Administrators; Systems Analysts; Auditors and Database Administrators.

Required experience: one year working in the Information Security arena, covering at least one of the domains from the SSCP CBK. Proof of this must be supplied to (ISC)2.

If you do not have the experience right now, you could pass the exam and obtain Associate of (ISC)2 status. You would then obtain full SSCP when you complete the experience required and are approved by (ISC)2. This course will consolidate delegates' knowledge across the CBK, but successful exam candidates should be prepared to read around the subjects covered to strengthen their knowledge before taking the exam. A recommended reading list of approved (ISC)2 books can be downloaded in the form of a 'Candidate Information Bulletin' from www.isc2.org.

The full requirements for taking and obtaining SSCP certification can be found at http://www.isc2.org

Why should I complete this certification before CISSP?

SSCP maps to just over half of the CISSP required knowledge, so it is great as a precursor or certification path to follow if you intend on obtaining CISSP in the future.

Build a relationship with (ISC)2 and use the many member benefits to manage and improve your career as an Information Security professional.

SSCP allows you to waive one year of the 5 years' experience required to pass CISSP (other certifications can also allow this).

Prior knowledge

If you wish to sit the SSCP exam you must have one year working in the Information Security arena, covering at least one of the domains from the SSCP CBK. Proof of this must be supplied to (ISC)2.

Objectives:

Course Outline:

Module 1: Access Controls

Identification, Authentication, Authorisation and Accounting

Logical Access Controls (Subjects accessing Objects)

Implementing Authentication

Access Control Models, MAC, DAC, NDAC and RBAC

TCSEC, ITSEC and Common Criteria

Module 2: Cryptography

Public Key Infrastructures

Confidentiality and Integrity

Digital Signatures

Transmission Security

Module 3: Malicious Code and Activity

Viruses, Trojans, Worms and their characteristics

Anatomy of an attack

Hackers and Crackers

Incident detection and prevention, tools and techniques

Module 4: Monitoring and Analysis

Security Auditing and Frameworks

Vulnerability and Penetration Testing

IDS and IPS and Firewalls

Logging and Monitoring

Module 5: Networks and Communications

OSI and Networking Technologies

TCP/IP and LAN based protocols

Remote Access Protocols

Wireless Security

Module 6: Risk, Response and Recovery

Risk Management

Business Continuity Planning

Disaster Recovery Planning

Incident Response and Forensics

Module 7: Security Operations and Administration

Policies, Standards and Guidelines

Change and Configuration Management

System Development Lifecycle

Security best practices

Certification

The (ISC)2 Systems Security Certified Practitioner (SSCP

Examinations

The exam is not a part of the course. Delegates will be required to book their own exam through (ISC)2 and should reference www.isc2.org for a schedule.